You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Leo Riguspi (JIRA)" <ji...@apache.org> on 2015/06/05 17:45:00 UTC

[jira] [Created] (AMQ-5829) Fake AMQP connections remain in ActiveMQ and cause denial of service

Leo Riguspi created AMQ-5829:
--------------------------------

             Summary: Fake AMQP connections remain in ActiveMQ and cause denial of service
                 Key: AMQ-5829
                 URL: https://issues.apache.org/jira/browse/AMQ-5829
             Project: ActiveMQ
          Issue Type: Bug
          Components: Connector
    Affects Versions: 5.11.1
         Environment: Linux RedHat 5.5
            Reporter: Leo Riguspi
            Priority: Critical


Telnet connections on amqp and amqp+ssl transports remain visible in ActiveMQ (only from JMX!) even after they have been closed. Same happens for openssl connections.

This causes the maximumConnections limit to be reached and no more connections are accepted!!!

And it is therefore easy to perform a DoS.

To reproduce:
- configure ActiveMQ with the amqp or amqp+ssl transport
- monitor the connections via JMX, with jconsole (clientConnectors->amqp->remoteAddress)
- telnet on the transport port number
- see the new connection in Jconsole
- close the telnet session completely
- connection is still visible in jconsole

If you set the maximumConnections to 3, after three telnets nobody can connect!
- check



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)